Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Virgin Mobile could be sitting on a security time-bomb.

So says developer Kevin Burke, who claims that the carrier’s poor web security standards expose its customers’ data to attack.

The heart of the vulnerability lies in Virgin Mobile’s six-digit PIN password system, which Burke says can be breached via basic brute force tactics.

This is where the real trouble arises. Once hackers gain access to accounts, they can wreak havoc by snooping on SMS and call records, changing account passwords, and even buying new phones.


MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

While these are serious security problems in their own right, the more worrying thing is that Virgin Mobile doesn’t appear to be taking them very seriously.

In the post, Burke details his lengthy history of contact with Virgin Mobile, which culminated with a collective shrug from the company.

“I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the problem, so I am disclosing this issue publicly,” Burke writes.

With security breaches popping up left and right this year, it’s amazing that Virgin Mobile’s stance on the concerns hasn’t been more proactive.

But what’s more amazing is how easy it is to fix the security issues. Burke recommends, for instance, that Virgin Mobile simply allow users to create more complex passwords and employ two-step verification.

Still, in spite of the increasing media coverage, company reactions to the allegations have been tepid. “We are reviewing the systems we have in place and conducting audits to ensure our standards are being met, including for Virgin Mobile,” a spokesperson for Virgin Mobile parent company Sprint told Wired.

In matters of security, it seems that Virgin Mobile customers are on their own.

“Unfortunately, perfect security does not exist on the Internet, and therefore, Virgin Mobile makes no representations or warranties with regard to the sufficiency of our security measures,” Virgin Mobile’s privacy policy reads.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.